guided-tour

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to fetch the Open SaaS documentation map at https://docs.opensaas.sh/llms.txt and then retrieve the "Guided Tour" from a raw.githubusercontent.com URL—public, user-editable web content the agent must read and use as its source of truth to drive guidance and answers, which could contain malicious instructions that change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.95). The skill explicitly fetches https://docs.opensaas.sh/llms.txt at runtime and then fetches the linked raw.githubusercontent.com markdown guide which is treated as the "source of truth" controlling the agent's tour content and responses, so external content directly controls prompts and is a required dependency.